tpm: fix checks for policy digest existence in tpm2_seal_trusted()
In my original patch sealing with policy was done with dynamically
allocated buffer that I changed later into an array so the checks in
tpm2-cmd.c became invalid. This patch fixes the issue.
Fixes: 5beb0c435b ("keys, trusted: seal with a TPM2 authorization policy")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Acked-by: Peter Huewe <peterhuewe@gmx.de>
This commit is contained in:
Jarkko Sakkinen
@@ -478,20 +478,16 @@ int tpm2_seal_trusted(struct tpm_chip *chip,
|
||||
tpm_buf_append_u8(&buf, payload->migratable);
|
||||
|
||||
/* public */
|
||||
if (options->policydigest)
|
||||
tpm_buf_append_u16(&buf, 14 + options->digest_len);
|
||||
else
|
||||
tpm_buf_append_u16(&buf, 14);
|
||||
|
||||
tpm_buf_append_u16(&buf, 14 + options->policydigest_len);
|
||||
tpm_buf_append_u16(&buf, TPM2_ALG_KEYEDHASH);
|
||||
tpm_buf_append_u16(&buf, hash);
|
||||
|
||||
/* policy */
|
||||
if (options->policydigest) {
|
||||
if (options->policydigest_len) {
|
||||
tpm_buf_append_u32(&buf, 0);
|
||||
tpm_buf_append_u16(&buf, options->digest_len);
|
||||
tpm_buf_append_u16(&buf, options->policydigest_len);
|
||||
tpm_buf_append(&buf, options->policydigest,
|
||||
options->digest_len);
|
||||
options->policydigest_len);
|
||||
} else {
|
||||
tpm_buf_append_u32(&buf, TPM2_ATTR_USER_WITH_AUTH);
|
||||
tpm_buf_append_u16(&buf, 0);
|
||||
|
||||
Viittaa uudesa ongelmassa
Block a user